| services.k3s.disable | Disable default components, see the K3s documentation.
|
| services.rke2.disable | Disable default components, see the RKE2 documentation.
|
| services.cfssl.disable | Endpoints to disable (comma-separated list)
|
| hardware.nvidiaOptimus.disable | Completely disable the NVIDIA graphics card and use the
integrated graphics processor instead.
|
| services.physlock.disableSysRq | Whether to disable SysRq when locked with physlock.
|
| services.unpoller.influxdb.disable | Whether to disable the influxdb output plugin.
|
| hardware.nvidia-container-toolkit.disable-hooks | List of hooks to disable when generating the CDI specification
|
| services.k3s.disableAgent | Only run the server
|
| services.gotenberg.downloadFrom.disable | Whether to disable the ability to download files for conversion from outside sources.
|
| services.unpoller.prometheus.disable | Whether to disable the prometheus output plugin.
|
| services.code-server.disableTelemetry | Disable telemetry.
|
| hardware.fw-fanctrl.disableBatteryTempCheck | Disable checking battery temperature sensor
|
| services.code-server.disableUpdateCheck | Disable update check
|
| services.code-server.disableFileDownloads | Disable file downloads from Code.
|
| services.nebula.networks.<name>.tun.disable | When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
|
| services.libinput.mouse.disableWhileTyping | Disable input method while typing.
|
| services.misskey.settings.db.disableCache | Whether to disable caching queries.
|
| services.code-server.disableWorkspaceTrust | Disable Workspace Trust feature.
|
| services.tailscale.disableTaildrop | Whether to disable the Taildrop feature for sending files between nodes.
|
| services.gotenberg.pdfEngines.disableRoutes | Disable routes related to PDF engines.
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.libinput.touchpad.disableWhileTyping | Disable input method while typing.
|
| services.libreswan.disableRedirects | Whether to disable send and accept redirects for all network interfaces
|
| services.gotenberg.chromium.disableRoutes | Disable all routes allowing Chromium-based conversion.
|
| services.spiped.config.<name>.disableKeepalives | Disable transport layer keep-alives.
|
| services.munin-node.disabledPlugins | Munin plugins to disable, even if
munin-node-configure --suggest tries to enable
them
|
| services.tailscale.disableUpstreamLogging | Whether to disable Tailscaled from sending debug logging upstream.
|
| services.komodo-periphery.disableTerminals | Disable remote shell access through Periphery.
|
| services.veilid.settings.core.capabilities.disable | A list of capabilities to disable (for example, DHTV to say you cannot store DHT information).
|
| services.code-server.disableGettingStartedOverride | Disable the coder/coder override in the Help: Getting Started page.
|
| services.komodo-periphery.disableContainerExec | Disable remote container shell access through Periphery.
|
| services.dae.disableTxChecksumIpGeneric | See https://github.com/daeuniverse/dae/issues/43
|
| services.libretranslate.disableWebUI | Whether to disable the Web UI.
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.spiped.config.<name>.disableReresolution | Disable target address re-resolution.
|
| services.gotenberg.chromium.disableJavascript | Disable Javascript execution.
|
| services.gotenberg.libreoffice.disableRoutes | Disable all routes allowing LibreOffice-based conversion.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.microsocks.disableLogging | If true, microsocks will not log any messages to stdout/stderr.
|
| services.morty.key | HMAC url validation key (hexadecimal encoded)
|
| services.thanos.compact.downsampling.disable | Disables downsampling
|
| services.slskd.settings.web.https.disabled | Disable the built-in HTTPS server
|
| hardware.bluetooth.disabledPlugins | Built-in plugins to disable
|
| services.kubernetes.apiserver.disableAdmissionPlugins | Kubernetes admission control plugins to disable
|
| fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.nezha-agent.settings.disable_nat | Disable NAT penetration.
|
| services.davis.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.slskd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.movim.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| i18n.glibcLocales | Customized pkg.glibcLocales package
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.snipe-it.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.akkoma.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fluidd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.gancio.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.monica.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.matomo.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| boot.tmp.useZram | Whether to mount a zram device on /tmp during boot.
Large Nix builds can fail if the mounted zram device is not large enough
|
| boot.tmp.useTmpfs | Whether to mount a tmpfs on /tmp during boot.
Large Nix builds can fail if the mounted tmpfs is not large enough
|
| services.prometheus.exporters.chrony.disabledCollectors | Collectors to disable which are enabled by default
|
| services.coturn.no-tcp | Disable TCP client listener
|
| services.coturn.no-tls | Disable TLS client listener
|
| services.coturn.no-udp | Disable UDP client listener
|
| services.plausible.server.disableRegistration | Whether to prohibit creating an account in plausible's UI or allow on invite_only.
|
| services.lighthouse.beacon.disableDepositContractSync | Explicitly disables syncing of deposit logs from the execution node
|
| services.gollum.no-edit | Disable editing pages
|
| users.users.<name>.enable | If set to false, the user account will not be created
|
| services.coturn.no-dtls | Disable DTLS client listener
|
| services.dolibarr.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fediwall.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.agorakit.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.librenms.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.kanboard.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.pixelfed.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.mainsail.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.netbird.server.management.disableSingleAccountMode | If set to true, disables single account mode
|
| services.radicle.httpd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.anuko-time-tracker.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| services.netbird.server.management.disableAnonymousMetrics | Disables push of anonymous usage metrics to NetBird.
|
| services.suricata.disabledRules | List of rules that should be disabled.
|
| services.bookstack.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.davis.nginx | Use this option to customize an nginx virtual host
|
| services.coturn.no-tcp-relay | Disable TCP relay endpoints
|
| services.coturn.no-udp-relay | Disable UDP relay endpoints
|
| boot.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.jirafeau.nginxConfig.http2 | Whether to enable the HTTP/2 protocol
|
| users.extraUsers.<name>.enable | If set to false, the user account will not be created
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.zabbixWeb.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| services.minio.browser | Enable or disable access to web UI.
|
| services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| services.prometheus.exporters.frr.disabledCollectors | Collectors to disable which are enabled by default.
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| services.prometheus.exporters.node.disabledCollectors | Collectors to disable which are enabled by default.
|
| services.murmur.logDays | How long to store RPC logs for in the database
|
| services.prometheus.exporters.opnsense.disabledExporter | Collectors to enable or disable
|